Employing External Plug-in Modules

DirX Access supports the employment of external plug-in modules in the authentication, authorization and auditing subsystems to support specific use cases:

  • Authentication subsystem: callout handler to externalize the handling of authentication credentials (that is, sending challenges via secondary communication channels; verifying authentication credentials in case of proprietary validation algorithms or proprietary transformation/representation of persisted reference information for the validation task), attribute finders for authenticated subjects and CRL finders for X.509 certificate credentials validation.

  • Authorization subsystem: attribute finders, also called Policy Information Points (PIPs) in the authorization subsystem architecture.

  • Auditing subsystem: audit sink implementation.

  • Federation subsystem: user consent for SAML assertion exchanges at the SAML IdP‑FEP Web application.

  • SSO subsystem: callout handler to externalize the handling of SSO events (for example, updating dependent session state in third-party systems).

To employ this custom code:

  1. Create a Java project – for example, MyPluginProject - and configure it to produce an OSGi bundle, for example, myplugin‑bundle‑1.0.0.jar.

  2. Implement the custom functionality (callout handler in the authentication subsystem, attribute finder in the authorization system, audit sink plug-in for the audit subsystem) in a class called, for example, MyPluginClass that resides in a package such as example.mypluginpackage.

  3. Build the MyPlugin OSGi bundle myplugin‑bundle‑1.0.0.jar. We suggest using the Bnd tool (http://bnd.bndtools.org/ ) to automatically generate the JAR file with the MANIFEST.MF containing all necessary OSGi headers, especially the Import-Package and Export-Package headers, based on a simple configuration file.

  4. Copy this bundle into the folder \Server\instances\default\ext.

  5. Append new lines with the MyPlugin OSGi bundle configuration to the end of¨\Server\instances\default\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info file with an appropriate start level; for example:

    # MyPlugin
MyPlugin,1.0.0,ext/myplugin‑bundle.jar,1,false

  6. (Re-)start the DirX Access Server and then test the employment of the external plug-in.

DirX Access Extensions deliver production-ready code for the recognized plug-in interfaces.